Description
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to a Missing Authorization Check.
References
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):600:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):603:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):604:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):605:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):606:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):616:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):617:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):618:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(ea-finserv\):800:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):101:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):102:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):103:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):104:*:*:*:*:*:*:*
EPSS
Percentile: 45%
0.00228
Low
4.3 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to a Missing Authorization Check.